Automated Security Analysis of Infrastructure Clouds

Bleikertz, Sören

January 2010

Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption. In particular, these highly flexible but complex cloud computing environments are prone to misconfigurations leading to security incidents, eg, erroneous exposure of services due to faulty network security configurations. In this thesis we present a novel approach in the security assessment of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API and translating it into a generic data model for later analysis. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization andautomated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical andtheoretical scenarios. Furthermore, a framework is presented which allows the evaluation of configuration changes in the agile and dynamic cloud environments with regard to properties like vulnerabilities or expected availability. In case of a vulnerability perspective, this evaluation can be used to monitor the securitylevels of the configuration over its lifetime and to indicate degradations.

ntnudaim

Information security

Specification of security properties by JML

Dulaj, Ilir

January 2010

Nowadays, verification of programs is gaining increased importance. The software industry appears more and more interested in methods and tools to ensure security in their applications. Java Modeling Language has been successfully used in the past by programmers to express their intentions in the Design by Contract fashion in sequential programming. One of the design goals of JML was to improve the functional software correctness of Java applications. Regarding the verification of security properties, JML was mostly successful in Java Smart Card applets due to the specifics of these applications. In this thesis work we investigate the feasibility of JML to express high-level security properties in Java applications that have more realistic requirements and are implemented in the object oriented technology. We do a threat analysis of a case study regarding a medical clinic and derive the required security properties to secure the application. We develop a prototype application where we specify high-level security properties with JML and use a runtime assertion checking tool to verify the code. We model the functional behavior of the prototype that establishes the security proper-ties as a finite state automaton. Our prototype is developed based on this automaton. States and state transitions modeled in the automaton are expressed in the prototype with JML annotations and verified during runtime. We observe that currently available features in JML are not very feasible to capture the security related behavior of Java programs on the level of the entire application.

ntnudaim

Information security

¡§The Welsh School¡¨ of Critical Security Studies

Kuo, Hui-shun

22 August 2007

Since the initial stages of 1980s, the global world faced the huge shift. Many security scholars try to challenge and review the mainstream security studies that derived from a combination of Anglo-American, statist, militarized, masculinized, methodologically positivist, and philosophically realist thinking. ¡§The Welsh School¡¨ of Critical Security Studies is one of the most important approach. The Welsh School thinks about security as developing in the light of the Frankfurt School, and brings the tradition of ¡§critical¡¨, ¡§epistemology position¡¨, and ¡§emancipation¡¨ to the security studies. The Welsh School separate the core of critical security studies(CSS) into three concepts: security, emancipation, and community, therefore, this study try to explain and review these concepts. Firstly, CSS tried to ¡§deepen¡¨ the concepts of ¡§security¡¨, deconstruct statism and bring the referent to individual, and then ¡§broaden¡¨ the agenda of security to discuss the traditional and non-traditional issues in the globalization world. Secondly, CSS emphasize the relationship of theory and practice, and expect to achieve their goal-¡§emancipatory politics¡¨. Via the construction of emancipatory community, people could released from contingent and structural oppressions, and create a free and equal environment. Despite the states still the major referent in international institution and security environment, and the main concept of The Welsh School still not practice in contemporary politics, but the first task of CSS is to bring a revision of the world, and then create a comprehensive and humanity security thinking.

community

The Welsh School

critical security studies(CSS)

security

emancipation

statism

Mänsklig säkerhet i Sudan- För vem och mot vad?

Grundevik, Rick

January 2008

The concept of security is a contested one. The United Nations definition in UNDPs Development report of 1994 is the most authoritive and commonly cited. The civil war in Sudan has led to 2 million deaths and over 5.5 million refugees. In a resolution from 2005, the UN decided that the war in Sudan was a threat to international security and peace. The 10th of January UN decided that a peace commission ought to be send with 10 000 military and civil men including 700 policemen. The main purpose of this thesis is to improve our knowledge of those factors which can cause an increased risk of conflict within a state, and how that can affect the social conditions for individuals. First, I analyse which kind of threats to human security that are to be identified in Sudan. Secondly, I discuss and analyse the role of UN in Sudan, focusing on the human security issues. Different information from sources is analyzed through qualitative content analysis, with quantative components. The theoretical perspective is based on Johan Galtungs theory concerning positive and negative peace, but also on the concept of human security. Based on the collected data and the theoretical framework the conclusions are that it is a clear connection between the direct violence and the structural and cultural violence in south Sudan. It depends on the historical legacy but also because of the deep rooted structures of the institutions in Sudan. The conflict is about the oil and the ethnic and cultural identification. All this is a threat to the human security in Sudan, due to the condition about social equitable and the right to have a decent life. The UN has resolved the immediate military threat in the south of Sudan. There are a lot of things to be done before the security situation reach the UN definition of human security. The Sudan government must be responsible for implementing policies to assure this security.

Security

human security

Sudan

direct violence

structural violence

cultural violence

Can income security enhance growth in developing countries? : A study of the effects on economic growth of income support programs for the unemployed and elderly in developing countries

Cras, Patrik, Rosén, Christer

January 2006

This paper addresses the question if income security can enhance economic growth in developing countries? It takes its starting point in the income security problems of a developing country and summarizes evidence from published empirical research on formal income security mechanisms. We conclude that the findings on incomes security efficiency effects are ambiguous. A limited econometric study based on data from Chile is carried out with a regression showing that social securities total effect on economic growth is negative but more econometric research on total effect on growth are needed to give a definite answer.

economic growth

income security

social security

developing countries.

Economics

Nationalekonomi

A Risk-Based Optimization Framework for Security Systems Upgrades at Airports

Berbash, Khaled

January 2010

Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies.

Airport Security Systems

Security Risk Assessment

Optimization Framework

Civil Engineering

Decision makin in the Security Council, States conduct and its consequences : A theory developing study aimed to explain the behaviour of the states in the UN Security Council

Chaudhry, Moniba

January 2011

The chief purpose of this study is to develop a theoretical framework which can contribute to a broader theoretical understanding of the actions of the U.N. Security Council and its members. The framework rests upon a rationalistic foundation and it is set up with two different models of explanation; a first with focus on power and security and the second which is an institutional explanation. The framework is then applied on a case study in which the behavior of theUnited Statesand theUnited Kingdomin the Security Council are explained. The outcome of the paper is worth mentioning that the member nations have find the Security Council to be an important institution and that there is an apprehension of the precedential power of the institution. The study also points out that a permanent member is more likely to use its veto when there are strong national reasons of so doing. In general the developed theoretical framework seems to be well appropriate to explain states behavior in the Security Council and may provide a foundation for further theoretical studies on the subject.

A Risk-Based Optimization Framework for Security Systems Upgrades at Airports

Berbash, Khaled

January 2010

Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies.

Airport Security Systems

Security Risk Assessment

Optimization Framework

Civil Engineering

A Study of Japan's Energy Security Strategy

Yeh, Chiu-lan

17 July 2008

Japan is the third energy consumption country in the world (next to the United States, and China), and the lowest to its energy self-sufficiency among advanced countries. Japan is aware of its dependence on the unstable Middle East for the energy security. Therefore, to ensure the Japanese having reliable supply of energy, become a vital issue not only to its economic development but also its national security. Japanese government attempted to change the condition of their vulnerability in regard to energy security and dependence on foreign energy. Japanese energy diplomacy primarily hopes to guarantee their energy security. Japan¡¦s energy security relied on other countries since postwar was an indisputable fact. Japan is unable to control energy security which is not surprising. However, Japan is the second largest economy country in the world, therefore, Japan's energy security strategy and concrete achievement, immediately impacts on Japan's politics and economic performance. Consequently, it brings a significant influence on the international politics and economics development. After postwar, Japan's energy security relied on the protective umbrella that U.S. provided. Two main constructions are: the maintenance of U.S.-Japan security alliance and the U.S. Pacific fleet control the sea lines of communication (SLOCs). The world energy domain changed rapidly since the cold war was ended. The Soviet Union contains rich reserved energy and opens to the capitalism market. This is a breakthrough opportunity for Japan especially when it is in an energy security dilemma. In addition, Chinese economic has been rising in recent years, the initiation energy is in demanding, that also impacts greatly on the energy market among Asian regions. As for Japan, its deficiency in energy resources becomes a numerous threat. Therefore, Japan's energy security problem not only affects the Asian regions, but also breaks that existing international power balance.

energy security strategy

energy security

geopolitics

Japan

energy diplomacy

Assessment of Enterprise Information Security : - How to make it Credible and Efficient

Johansson, Erik

January 2005

<p>Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.</p><p>This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.</p><p>The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.</p><p>The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential.</p><p>It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.</p><p>The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.</p><p>The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.</p><p>The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes.</p>

Enterprise Information Security

Enterprise Architecture

Security Assessment

Information Technology Management